summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorkali kaneko (leap communications) <kali@leap.se>2020-08-11 22:38:13 +0200
committerkali kaneko (leap communications) <kali@leap.se>2020-08-11 22:38:13 +0200
commit5ba62c56b2a94b9f5ae06b150713f84d5a3144fa (patch)
tree5f572c3a06dbd91a144efb63a4dba55535fdd65a /pkg
parent33b9ba9abadb8cea8f5840bb11fb9de489b120e3 (diff)
[refactor] simplify, make port optional
Diffstat (limited to 'pkg')
-rw-r--r--pkg/backend/api.go9
-rw-r--r--pkg/backend/webapi.go47
-rw-r--r--pkg/bitmask/auth.go5
3 files changed, 29 insertions, 32 deletions
diff --git a/pkg/backend/api.go b/pkg/backend/api.go
index f63962c..0cab17f 100644
--- a/pkg/backend/api.go
+++ b/pkg/backend/api.go
@@ -6,6 +6,7 @@ import (
"C"
"fmt"
"log"
+ "strconv"
"unsafe"
"0xacab.org/leap/bitmask-vpn/pkg/bitmask"
@@ -76,8 +77,12 @@ func EnableMockBackend() {
go enableMockBackend()
}
-func EnableWebAPI() {
- go enableWebAPI()
+func EnableWebAPI(port string) {
+ intPort, err := strconv.Atoi(port)
+ if err != nil {
+ log.Fatal("Cannot parse port", port)
+ }
+ go enableWebAPI(intPort)
}
/* these two are a bit redundant since we already add them to ctx. however, we
diff --git a/pkg/backend/webapi.go b/pkg/backend/webapi.go
index a8844e8..568980d 100644
--- a/pkg/backend/webapi.go
+++ b/pkg/backend/webapi.go
@@ -5,31 +5,20 @@ import (
"log"
"net/http"
"os"
+ "strconv"
"0xacab.org/leap/bitmask-vpn/pkg/bitmask"
)
-func Adapt(h http.Handler, adapters ...Adapter) http.Handler {
- for _, adapter := range adapters {
- h = adapter(h)
- }
- return h
-}
-
-type Adapter func(http.Handler) http.Handler
-
-func CheckAuth(token string) Adapter {
- return func(h http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- t := r.Header.Get("X-Auth-Token")
- if t == token {
- h.ServeHTTP(w, r)
- } else {
- w.WriteHeader(http.StatusUnauthorized)
- w.Write([]byte("401 - Unauthorized"))
- }
-
- })
+func CheckAuth(handler http.HandlerFunc, token string) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ t := r.Header.Get("X-Auth-Token")
+ if t == token {
+ handler(w, r)
+ } else {
+ w.WriteHeader(http.StatusUnauthorized)
+ w.Write([]byte("401 - Unauthorized"))
+ }
}
}
@@ -44,7 +33,6 @@ func webOff(w http.ResponseWriter, r *http.Request) {
}
func webStatus(w http.ResponseWriter, r *http.Request) {
- log.Println("Web UI: status")
fmt.Fprintf(w, ctx.Status.String())
}
@@ -54,12 +42,13 @@ func webQuit(w http.ResponseWriter, r *http.Request) {
os.Exit(0)
}
-func enableWebAPI() {
+func enableWebAPI(port int) {
+ log.Println("Starting WebAPI in port", port)
bitmask.GenerateAuthToken()
- auth := CheckAuth(bitmask.ReadAuthToken())
- http.Handle("/vpn/start", Adapt(http.HandlerFunc(webOn), auth))
- http.Handle("/vpn/stop", Adapt(http.HandlerFunc(webOff), auth))
- http.Handle("/vpn/status", Adapt(http.HandlerFunc(webStatus), auth))
- http.Handle("/vpn/quit", Adapt(http.HandlerFunc(webQuit), auth))
- http.ListenAndServe(":8080", nil)
+ token := bitmask.ReadAuthToken()
+ http.Handle("/vpn/start", CheckAuth(http.HandlerFunc(webOn), token))
+ http.Handle("/vpn/stop", CheckAuth(http.HandlerFunc(webOff), token))
+ http.Handle("/vpn/status", CheckAuth(http.HandlerFunc(webStatus), token))
+ http.Handle("/vpn/quit", CheckAuth(http.HandlerFunc(webQuit), token))
+ http.ListenAndServe(":"+strconv.Itoa(port), nil)
}
diff --git a/pkg/bitmask/auth.go b/pkg/bitmask/auth.go
index 519eaf1..a87a2ea 100644
--- a/pkg/bitmask/auth.go
+++ b/pkg/bitmask/auth.go
@@ -5,6 +5,7 @@ import (
"log"
"math/rand"
"os"
+ "path/filepath"
"runtime"
"strings"
"time"
@@ -12,7 +13,7 @@ import (
/* functions for local authentication of control endpoints */
-const tokenPath = "/dev/shm/bitmask-token"
+const bitmaskToken = "bitmask-token"
func GenerateAuthToken() {
if runtime.GOOS != "linux" {
@@ -20,6 +21,7 @@ func GenerateAuthToken() {
return
}
t := getRandomString()
+ tokenPath := filepath.Join(os.TempDir(), bitmaskToken)
err := ioutil.WriteFile(tokenPath, []byte(t), os.FileMode(int(0600)))
if err != nil {
log.Println("Could not write authentication token.")
@@ -31,6 +33,7 @@ func ReadAuthToken() string {
log.Println("Authentication token only implemented in linux at the moment.")
return ""
}
+ tokenPath := filepath.Join(os.TempDir(), bitmaskToken)
token, err := ioutil.ReadFile(tokenPath)
if err != nil {
log.Println("Error reading token:", err)